glibc

AuroraMiddleware/glibc

Fork 0

mirror of https://sourceware.org/git/glibc.git synced 2024-09-20 08:30:00 +00:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Florian Weimer	bd77dd7e73	CVE-2023-4527: Stack read overflow with large TCP responses in no-aaaa mode Without passing alt_dns_packet_buffer, __res_context_search can only store 2048 bytes (what fits into dns_packet_buffer). However, the function returns the total packet size, and the subsequent DNS parsing code in _nss_dns_gethostbyname4_r reads beyond the end of the stack-allocated buffer. Fixes commit `f282cdbe7f` ("resolv: Implement no-aaaa stub resolver option") and bug 30842.	2023-09-13 14:10:56 +02:00

Florian Weimer

bd77dd7e73

CVE-2023-4527: Stack read overflow with large TCP responses in no-aaaa mode

Without passing alt_dns_packet_buffer, __res_context_search can only
store 2048 bytes (what fits into dns_packet_buffer).  However,
the function returns the total packet size, and the subsequent
DNS parsing code in _nss_dns_gethostbyname4_r reads beyond the end
of the stack-allocated buffer.

Fixes commit f282cdbe7f ("resolv: Implement no-aaaa
stub resolver option") and bug 30842.

2023-09-13 14:10:56 +02:00

1 Commits